BUG/MINOR: cfgparse: correctly deal with empty lines

Issue 23653 in oss-fuzz reports a heap overflow bug which is in fact a
bug introduced by commit 9e1758efb ("BUG/MEDIUM: cfgparse: use
parse_line() to expand/unquote/unescape config lines") to address
oss-fuzz issue 22689, which was only partially fixed by commit 70f58997f
("BUG/MINOR: cfgparse: Support configurations without newline at EOF").

Actually on an empty line, end == line so we cannot dereference end-1
to check for a trailing LF without first being sure that end is greater
than line.

No backport is needed, this is 2.2 only.
Willy Tarreau 2020-06-26 17:24:54 +02:00
parent c184d87558
commit 08488f66b6

@ -1916,7 +1916,7 @@ next_line:
readbytes = 0; readbytes = 0;
if (*(end-1) == '\n') { if (end > line && *(end-1) == '\n') {
/* kill trailing LF */ /* kill trailing LF */
*(end - 1) = 0; *(end - 1) = 0;
} }
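
Review bot: the new `end > line` guard in the `if` condition carries no in-code explanation, so a later cleanup could take it for a redundant check and remove it. The commit message says that `end == line` on an empty line; suggest putting that next to the check, for example by extending the existing comment to `/* kill trailing LF, if any (end == line on an empty line) */`. A minor style point in the same two lines: `*(end-1)` in the condition and `*(end - 1)` in the assignment use different spacing. Since the message describes this as a follow-up to two earlier fixes on the same path, a regression config that contains an empty line and one without a newline at EOF would help keep all three cases covered.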